New here. Short HijackThis log with 2 things I don't recognize.
For starters, I have always used HijackThis and just deleted stuff I don't recognize. I don't recognize the [InfoData] rundll32.exe thing or the NOD32 thing. What should I do about them? Also, the only thing I have noticed wrong with my computer is that every once in a while on the internet my computer will direct me to a spam website I was not originally going to. Also, sometimes my explorer.exe crashes from a memory overload or something like that, even when barely anything is running, and I have to restart it through the Task Manager or it restarts on its own. I hope I made it as easy as possible for you guys to help me. The HijackThis log is below. Thank you.
Logfile of HijackThis v1.99.1
Scan saved at 2:49:03 PM, on 5/3/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Chris\Desktop\CRAP\hijackthis\HijackThis.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\System32\ymxovpsn.dll",realset
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Comments
Let's start with this:
Rename HijackThis.exe to scanner.exe
Please download VundoFix.exe to your desktop.
* Double-click VundoFix.exe to run it.
* Click the Scan for Vundo button.
* Once it's done scanning, click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files, click YES.
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will reboot your computer, click OK.
Important note -- It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
Please download Deckard's System Scanner to your Desktop.
* Close all applications and windows.
* Double-click on Dss.exe to run it, and follow the prompts.
* The scan may take a minute. When the scan is complete, a text file will open Main.txt and extra.txt.
Please post the contents of C:\vundofix.txt, Main.txt, extra.txt and a new HijackThis log.
Checking Java version...
Scan started at 4:08:35 PM 5/7/2007
Listing files found while scanning....
C:\WINDOWS\System32\cbyvslpy.dll
C:\WINDOWS\system32\duucmgha.dll
C:\WINDOWS\system32\hggfecb.dll
C:\WINDOWS\System32\hgjlm.bak1
C:\WINDOWS\System32\hgjlm.bak2
C:\WINDOWS\System32\hgjlm.ini
C:\WINDOWS\system32\iifcywt.dll
C:\WINDOWS\system32\jeipdxrj.dll
C:\WINDOWS\System32\mljgh.dll
C:\WINDOWS\system32\rstdiwwk.dll
C:\WINDOWS\system32\wytekfop.dll
Beginning removal...
Attempting to delete C:\WINDOWS\System32\cbyvslpy.dll
C:\WINDOWS\System32\cbyvslpy.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\duucmgha.dll
C:\WINDOWS\system32\duucmgha.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\hggfecb.dll
C:\WINDOWS\system32\hggfecb.dll Could not be deleted.
Attempting to delete C:\WINDOWS\System32\hgjlm.bak1
C:\WINDOWS\System32\hgjlm.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\System32\hgjlm.bak2
C:\WINDOWS\System32\hgjlm.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\System32\hgjlm.ini
C:\WINDOWS\System32\hgjlm.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\iifcywt.dll
C:\WINDOWS\system32\iifcywt.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jeipdxrj.dll
C:\WINDOWS\system32\jeipdxrj.dll Has been deleted!
Attempting to delete C:\WINDOWS\System32\mljgh.dll
C:\WINDOWS\System32\mljgh.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\rstdiwwk.dll
C:\WINDOWS\system32\rstdiwwk.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\wytekfop.dll
C:\WINDOWS\system32\wytekfop.dll Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\hggfecb.dll
C:\WINDOWS\system32\hggfecb.dll Has been deleted!
Performing Repairs to the registry.
Done!
Run by Chris on 2007-05-07 at 16:17:23
Computer is in Normal Mode.
-- System Restore
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
99: 2007-05-07 20:17:27 UTC - RP961 - Deckard's System Scanner Restore Point
98: 2007-05-07 07:03:57 UTC - RP960 - System Checkpoint
97: 2007-05-06 05:02:49 UTC - RP959 - System Checkpoint
96: 2007-05-05 04:19:58 UTC - RP958 - System Checkpoint
95: 2007-05-03 19:38:29 UTC - RP957 - Installed DirectX
-- First Restore Point --
1: 2007-02-07 15:03:05 UTC - RP863 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Chris.exe)
Logfile of HijackThis v1.99.1
Scan saved at 4:18:06 PM, on 5/7/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Chris\Desktop\dss.exe
C:\DOCUME~1\Chris\Desktop\CRAP\HIJACK~1\Chris.exe
O2 - BHO: (no name) - {D7D864DA-D4E6-4920-8FBA-063A8F30224A} - C:\WINDOWS\System32\mljgh.dll (file missing)
O2 - BHO: (no name) - {F9829D24-24A4-42FE-8D4C-A53CEA080A8F} - C:\WINDOWS\System32\mljgh.dll (file missing)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\System32\xvsylfit.dll",realset
O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O20 - Winlogon Notify: __c0031EF7 - C:\WINDOWS\System32\__c0031EF7.dat
O20 - Winlogon Notify: __c008900 - C:\WINDOWS\System32\__c008900.dat
O20 - Winlogon Notify: __c00904F1 - C:\WINDOWS\System32\__c00904F1.dat
O20 - Winlogon Notify: __c00EDFFC - C:\WINDOWS\System32\__c00EDFFC.dat
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
-- HijackThis Fixed Entries (C:\DOCUME~1\Chris\Desktop\CRAP\HIJACK~1\backups\) -
backup-20060713-140739-717 O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll
backup-20060713-140739-758 O23 - Service: ewido security suite control - Unknown owner - C:\Documents and Settings\Chris\Desktop\security suite\ewidoctrl.exe (file missing)
backup-20061217-193341-102 O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
backup-20061217-193341-131 O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
backup-20061217-193341-322 O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
backup-20061217-193341-665 O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
backup-20061217-193341-800 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
backup-20061217-193341-842 O4 - HKCU\..\Run: [AIM] "C:\Program Files\aim\aim.exe" -cnetwait.odl
backup-20061217-193341-874 O4 - HKLM\..\Run: [Tray Temperature] C:\DOCUME~1\Chris\LOCALS~1\Temp\MiniBug.exe 1
backup-20061217-193341-932 O4 - HKCU\..\Run: [PlaxoUpdate] "C:\Program Files\Plaxo\2.5.10.17\PlaxoHelper.exe" -a
backup-20061217-193443-282 O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
backup-20061217-193443-297 O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
backup-20061217-193443-726 O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
backup-20061217-193443-773 O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
backup-20061217-201106-337 O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.1.74.cab
backup-20061217-201106-411 O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
backup-20061217-201106-465 O2 - BHO: BhoApp Class - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\Program Files\WinBudget\bin\matrix.dll
backup-20061217-201106-631 O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
backup-20061217-201116-302 O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
backup-20061217-201116-504 O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
backup-20061217-201116-908 O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
backup-20061217-201134-403 O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
backup-20061219-233235-645 O2 - BHO: BhoApp Class - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\Program Files\WinBudget\bin\matrix.dll
backup-20061223-023057-712 O2 - BHO: BhoApp Class - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\Program Files\WinBudget\bin\matrix.dll
backup-20070206-185524-572 O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
backup-20070212-232218-105 O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
backup-20070212-232218-303 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
backup-20070212-232218-425 O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
backup-20070212-232218-481 O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
backup-20070212-232218-570 O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
backup-20070212-232218-666 O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
backup-20070212-232218-740 O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
backup-20070212-232218-841 O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
backup-20070212-232218-960 O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
backup-20070308-171119-835 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
backup-20070308-171125-723 O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
backup-20070308-171125-881 O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
backup-20070308-171138-404 O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
backup-20070422-110349-238 O16 - DPF: {08882277-D04C-4A9D-845A-A28FE8CD0773} (xpreload.xpreloader) - ms-its:mhtml:file://c:\\nores.mht!http://adxgate.net/zscript/pre.chm::/xpreload.cab
backup-20070502-164750-431 O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\System32\ctrtfbbi.dll",realset
backup-20070502-164750-440 O4 - HKCU\..\Run: [A00F1353B9FB.exe] C:\DOCUME~1\Chris\LOCALS~1\Temp\_A00F1353B9FB.exe
backup-20070502-164750-660 O4 - HKCU\..\Run: [A00F1353B826.exe] C:\DOCUME~1\Chris\LOCALS~1\Temp\_A00F1353B826.exe
backup-20070502-164750-835 O4 - HKCU\..\Run: [A00F1353BCAA.exe] C:\DOCUME~1\Chris\LOCALS~1\Temp\_A00F1353BCAA.exe
backup-20070504-110923-207 O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\System32\iuloxppw.dll",realset
backup-20070504-110923-780 O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
backup-20070504-110931-274 O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
-- File Associations
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL %1,%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser %1,%*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R3 SunkFilt (Alcor Micro Corp - 9360) - c:\windows\system32\drivers\sunkfilt.sys <Not Verified; Alcor Micro Corp.; SunkFilt>
R3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys <Not Verified; America Online, Inc.; Wan Miniport (ATW)>
S1 ewido security suite driver - c:\documents and settings\chris\desktop\security suite\guard.sys (file missing)
S3 JL2005 (JL2005A Toy Camera) - c:\windows\system32\drivers\toywdm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
S3 RecAgent - c:\windows\system32\drivers\recagent.sys <Not Verified; ; Modem>
S3 TSP - c:\windows\system32\drivers\klif.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
S4 ewido security suite control - c:\documents and settings\chris\desktop\security suite\ewidoctrl.exe (file missing)
S4 ewido security suite guard - c:\documents and settings\chris\desktop\security suite\ewidoguard.exe (file missing)
S4 GoToMyPC - "c:\program files\expertcity\gotomypc\g2svc.exe" -service <Not Verified; Expertcity; GoToMyPC>
-- Scheduled Tasks
2007-05-07 15:14:00 364 --a
C:\WINDOWS\Tasks\Symantec NetDetect.job
2007-05-05 12:56:00 284 --a
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2007-04-07 and 2007-05-07
2007-05-07 16:08:35 0 d
C:\VundoFix Backups
2007-05-05 11:23:50 132660 --a
C:\WINDOWS\System32\xvsylfit.dll
2007-05-03 22:20:30 0 d
C:\NVIDIA
2007-05-03 15:44:00 0 d
C:\Documents and Settings\Chris\Application Data\Command & Conquer 3 Tiberium Wars
2007-05-03 15:43:05 0 dr-h
C:\Documents and Settings\Chris\Application Data\SecuROM
2007-05-03 15:43:04 98304 --a
C:\WINDOWS\System32CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2007-05-03 15:38:33 1769472 --a
C:\WINDOWS\System32\dxdiagn.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-05-03 15:38:33 1689600 --a
C:\WINDOWS\System32\d3d9.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-05-03 15:26:37 132660 --a
C:\WINDOWS\System32\iuloxppw.dll
2007-05-03 14:32:49 0 d
C:\WINDOWS\System32\CatRoot2
2007-05-03 14:24:17 0 d
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-05-03 14:15:16 0 d
C:\Program Files\GameSpy
2007-05-02 16:43:42 65355 --a
C:\xcrashdump.dat
2007-04-28 15:32:09 36352 --a
C:\WINDOWS\System32\__c00EDFFC.dat
2007-04-28 15:32:09 36352 --a
C:\WINDOWS\System32\__c00904F1.dat
2007-04-28 15:32:08 36352 --a
C:\WINDOWS\System32\__c008900.dat
2007-04-28 15:32:08 36352 --a
C:\WINDOWS\System32\__c0031EF7.dat
2007-04-23 23:05:13 2629 --a
C:\svchost.exe
2007-04-17 09:48:18 0 d
C:\Documents and Settings\Guest\Application Data\AOL
2007-04-08 20:02:39 0 d
C:\Documents and Settings\Guest\Application Data\Viewpoint
2007-04-07 00:40:38 0 d
C:\Documents and Settings\Chris\Application Data\Viewpoint
-- Find3M Report
2007-05-03 22:21:26 0 d
C:\Program Files\Common Files\InstallShield
2007-05-03 14:00:09 0 d
C:\Program Files\Electronic Arts
2007-04-23 16:27:07 0 d
C:\Program Files\America Online 9.0
2007-04-11 22:42:38 0 d
C:\Program Files\Morpheus
2007-04-03 16:54:42 0 d--h
C:\Documents and Settings\Chris\Application Data\Move Networks
2007-03-31 00:14:59 0 d
C:\Program Files\Launcher
2007-03-31 00:11:01 0 d
C:\Program Files\Data
2007-02-24 14:21:54 25457 -ra
C:\Program Files\Readme.txt
2007-02-24 13:22:46 8232960 --a
C:\Program Files\DemoGame.dat <Not Verified; Electronic Arts Inc.; Command and Conquer 3 Tiberium Wars™ Demo>
2007-02-22 12:52:56 66826 --a
C:\tmp_mem.exe
2007-02-21 21:14:22 441639588 --a
C:\Program Files\DemoMovies.big
2007-02-21 19:12:08 1003520 --a
C:\Program Files\CNC3Demo.exe
2007-02-17 19:32:48 111969913 --a
C:\Program Files\DemoData.big
2007-02-17 19:31:22 829796937 --a
C:\Program Files\DemoStreams.big
2007-02-12 10:50:28 561 -ra
C:\Program Files\gi.dat
2007-02-12 10:40:44 115 -ra
C:\Program Files\CNC3_english_1.0.SkuDef
-- Registry Dump
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{D7D864DA-D4E6-4920-8FBA-063A8F30224A} C:\WINDOWS\System32\mljgh.dll [x]
{F9829D24-24A4-42FE-8D4C-A53CEA080A8F} C:\WINDOWS\System32\mljgh.dll [x]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"WindowsService"="rundll32.exe \"C:\\WINDOWS\\System32\\xvsylfit.dll\",realset"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"AIM"="C:\\Program Files\\aim\\aim.exe -cnetwait.odl"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=dword:00000000
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"NoDispBackgroundPage"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"NoDispSettingsPage"=dword:00000000
"DisableTaskMgr"=dword:00000000
"DisableRegedit"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"=dword:00000000
"NoActiveDesktop"=dword:00000000
"NoSaveSettings"=dword:00000000
"NoThemesTab"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"qqtnfiqrvv.exe"="C:\\WINDOWS\\system\\qqtnfiqrvv.exe"
"djdgcg.exe"="C:\\WINDOWS\\system\\djdgcg.exe"
"atnta.exe"="C:\\WINDOWS\\system\\atnta.exe"
"sbdse.exe"="C:\\WINDOWS\\system\\sbdse.exe"
"kd1bmo"="C:\\WINDOWS\\System32\\kd1bmo.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"
"{3F9D0C61-737D-44D1-BD80-91AF857061CC}"=""
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c0031EF7
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c008900
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c00904F1
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c00EDFFC
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
-- End of Deckard's System Scanner: finished at 2007-05-07 at 16:20:07
Extra logfile - please post this as an attachment with your post.
-- System Information
Microsoft Windows XP Home Edition (build 2600) SP 1.0
Architecture: X86; Language: English
CPU 0: Intel(R) Pentium(R) 4 CPU 2.80GHz
Percentage of Memory in Use: 23%
Physical Memory (total/avail): 503.48 MiB / 384.17 MiB
Pagefile Memory (total/avail): 1228.8 MiB / 1091.7 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1973.59 MiB
C: is Fixed (NTFS) - 74.53 GiB total, 14.83 GiB free.
D: is CDROM (No Media)
E: is Removable (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
-- Security Center
AUOptions is disabled.
AUState says computer has updates disabled.
Windows Internal Firewall is enabled.
-- Environment Variables
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Chris\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_01\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=GARLAND
ComSpec=C:\WINDOWS\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Chris
LOGONSERVER=\\GARLAND
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_01\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Chris\LOCALS~1\Temp
TMP=C:\DOCUME~1\Chris\LOCALS~1\Temp
USERDOMAIN=GARLAND
USERNAME=Chris
USERPROFILE=C:\Documents and Settings\Chris
windir=C:\WINDOWS
-- User Profiles
Chris (admin)
dEPOT
Administrator (admin)
Guest (guest)
-- Add/Remove Programs
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3D Groove Playback Engine --> RunDll32 C:\WINDOWS\DOWNLO~1\GrooveAX.dll,_RemoveGroove@16
56Kbps Internal Modem --> C:\WINDOWS\Modio\SLAMR2KV\Setup.exe /Remove
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\System32\Macromed\Flash\UninstFl.exe -q
AIM 6.0 --> C:\Program Files\AIM6\uninst.exe
AOL Coach Version 1.0(Build:20030807.3) --> C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe
AOL Instant Messenger --> C:\Program Files\aim\uninstll.exe -LOG= C:\Program Files\aim\install.log -OEM=
AOL Toolbar 2.0 --> "C:\Program Files\AOL\AOL Toolbar 2.0\uninstall.exe"
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
Ares 1.9.9 --> "C:\Program Files\Ares\uninstall.exe"
AVG Free Edition --> C:\Program Files\Grisoft\AVG Free\setup.exe /UNINSTALL
BigFix --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll"
BitTorrent 4.20.9 --> "C:\Program Files\BitTorrent\uninstall.exe"
CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
Command & Conquer 3 --> MsiExec.exe /I{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}
Command & Conquer 3 Tiberium Wars™ Demo --> MsiExec.exe /I{39F7653F-3E82-4FED-9EE5-6B9253EA57E3}
CompuServe --> C:\Program Files\Common Files\csshare\csunins_us.exe
Diet Analysis Plus 7.0.1 --> C:\Program Files\Diet Analysis Plus 7.0.1\uninst.exe
E2give Plug-in --> regsvr32 /u /s "C:\Program Files\E2G\IeBHOs.dll"
Google Toolbar for Internet Explorer --> regsvr32 /u /s "C:\Program Files\Google\GoogleToolbar1.dll"
GoToMyPC --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58F4D4FD-1814-4068-B316-C28FC776C6DD}\Setup.exe" -l0x9 AddRemovePrograms
HijackThis 1.99.1 --> C:\Documents and Settings\Chris\Desktop\hijackthis\HijackThis.exe /uninstall
ICQ --> C:\PROGRA~1\ICQ\ICQUninstall.EXE
IE Host R3 --> C:\WINDOWS\System32\cdrtmgr2.exe
IGN Download Manager 2.2.2 --> C:\Program Files\IGN\Download Manager\uninst.exe
IKEA Home Planner Kitchen --> C:\PROGRA~1\IKEAHO~1\UNWISE.EXE C:\PROGRA~1\IKEAHO~1\INSTALL.LOG
Intel(R) Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Internet Explorer Q824145 --> C:\WINDOWS\ieuninst.exe C:\WINDOWS\INF\Q824145.inf
IOI Multimedia Card Reader --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{6262DC06-FC0A-4EF1-9876-AA92EDA3188C}
iPod Update 2004-04-28 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{E6696A8C-C55A-405C-AFEB-F3880A8BAA45} /l1033
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
iTunes --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{0552A36D-0D7E-4FF5-8FDB-6629ABA7C779}
iTunes --> MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}
J2SE Runtime Environment 5.0 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150010}
Java 2 Runtime Environment Standard Edition v1.3.1 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\JavaSoft\JRE\1.3.1\Uninst.isu"
Java 2 Runtime Environment Standard Edition v1.3.1_02 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\JavaSoft\JRE\1.3.1_02\Uninst.isu"
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
LimeWire 4.9.37 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 2.5 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Microsoft Money 2004 --> MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft Money 2004 System Pack --> MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
mIRC --> "C:\Program Files\mIRC\mirc.exe" -uninstall
MLB.com Shuffle (remove only) --> "C:\Program Files\MLB.com Shuffle\Uninstall.exe"
Morpheus 5.1 (remove only) --> "C:\Program Files\Morpheus\UninstMorpheus.exe"
Move Networks Player for Internet Explorer --> "C:\Documents and Settings\Chris\Application Data\Move Networks\ie_bin\unins000.exe"
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
Netscape 6 (6.2.1) --> C:\WINDOWS\N6Uninst.exe /ua "6.2.1 (en)"
NOD32 antivirus system --> C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
OIN --> C:\WINDOWS\System32\shex.exe open http://www.outerinfo.com/questionnaire.php
Outlook Express Update Q330994 --> C:\WINDOWS\Q330994.exe C:\WINDOWS\INF\Q330994.inf
Plaxo Toolbar for Outlook and Outlook Express --> C:\Program Files\Plaxo\2.5.10.17\uninstall.exe
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Realtek RTL8139/810x Fast Ethernet NIC Driver Setup --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}\setup.exe" -l0x9 REMOVE
Rockstar Custom Tracks 1.0 --> C:\Program Files\Rockstar Custom Tracks\uninst.exe
Select CashBack --> C:\WINDOWS\ujj621u9.exe
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Steam(TM) --> C:\PROGRA~1\Steam\UNWISE.EXE C:\PROGRA~1\Steam\INSTALL.LOG
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WildTangent Web Driver --> C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Backup Utility --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Yahoo! Companion --> rundll32.exe C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\YCOMP5~1.DLL,DllCommand ui
Zango Toolbar --> C:\Program Files\Zango Programs\Zango Toolbar\ZangoTBUninstaller.exe
-- End of Deckard's System Scanner: finished at 2007-05-07 at 16:20:07
Scan saved at 4:27:37 PM, on 5/7/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Chris\Desktop\CRAP\hijackthis\Scanner.exe
O2 - BHO: (no name) - {D7D864DA-D4E6-4920-8FBA-063A8F30224A} - C:\WINDOWS\System32\mljgh.dll (file missing)
O2 - BHO: (no name) - {F9829D24-24A4-42FE-8D4C-A53CEA080A8F} - C:\WINDOWS\System32\mljgh.dll (file missing)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\System32\xvsylfit.dll",realset
O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O20 - Winlogon Notify: __c0031EF7 - C:\WINDOWS\System32\__c0031EF7.dat
O20 - Winlogon Notify: __c008900 - C:\WINDOWS\System32\__c008900.dat
O20 - Winlogon Notify: __c00904F1 - C:\WINDOWS\System32\__c00904F1.dat
O20 - Winlogon Notify: __c00EDFFC - C:\WINDOWS\System32\__c00EDFFC.dat
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
The first thing I noticed was that you have two anti-virus programs in Eset and AVG.
You should only be running one. Please uninstall one via add/remove programs.
I don't see any firewall running on your computer?
step #1
Click Start > Run > type in appwiz.cpl and hit Enter. From the list, uninstall the following (if present):
Viewpoint
Zango Toolbar
step #2
Open HijackThis
- Click the Do a system scan only button
- Check the following entries (below)
O2 - BHO: (no name) - {D7D864DA-D4E6-4920-8FBA-063A8F30224A} - C:\WINDOWS\System32\mljgh.dll (file missing)
O2 - BHO: (no name) - {F9829D24-24A4-42FE-8D4C-A53CEA080A8F} - C:\WINDOWS\System32\mljgh.dll (file missing)
O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\System32\xvsylfit.dll",realset
O20 - Winlogon Notify: __c0031EF7 - C:\WINDOWS\System32\__c0031EF7.dat
O20 - Winlogon Notify: __c008900 - C:\WINDOWS\System32\__c008900.dat
O20 - Winlogon Notify: __c00904F1 - C:\WINDOWS\System32\__c00904F1.dat
O20 - Winlogon Notify: __c00EDFFC - C:\WINDOWS\System32\__c00EDFFC.dat
Close ALL open windows
Click Fix Checked
Close HijackThis
step #3
Reboot to safe mode
* If the computer is running, shut down Windows, and then turn off the power
* Wait 30 seconds, and then turn the computer on
* Start tapping the F8 key
* The Windows Advanced Options Menu appears
* Ensure that the Safe Mode option is selected
* Press Enter. The computer then begins to start in Safe mode
* Login on your usual account
Open My Computer.
Click Tools menu then click Folder Options.
Click the View tab.
Scroll to the "Hidden files and folders" section and click "Show hidden files and folders."
Uncheck the "Hide protected operating system files (recommended)" option. (SEE NOTE ABOVE ON THIS OPTION!) Click Yes to confirm. Then click OK
step #4
Please delete the following folders (if present):
C:\Documents and Settings\Chris\Application Data\Viewpoint
C:\Program Files\Zango Programs\Zango Toolbar
Please delete the following files (if present):
C:\WINDOWS\System32\__c0031EF7.dat
C:\WINDOWS\System32\__c008900.dat
C:\WINDOWS\System32\__c00904F1.dat
C:\WINDOWS\System32\__c00EDFFC.dat
C:\WINDOWS\System32\xvsylfit.dll
reboot your computer
step #5
Please download PurityScan uninstaller
Double click on the OiUninstaller.exe icon on your desktop
Click on Run
Enter the four digit code that is displayed and click on Uninstall
Click on Ok and reboot your computer
step #6
Download ComboFix from Here or Here to your Desktop.
Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall
Post fresh HijackThis log, and combofix.log ;)
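A way to check the fresh HijackThis log against the entries flagged in step #2, as an added example that is not part of the helper's post. The function names and the `FRESH` sample lines are constructed for illustration, and the rundll32 Run entry is matched on folder and export name on the assumption that its value name and DLL file name may differ between scans.

```python
import re

# Entries flagged in step #2 of the post (copied verbatim).
FLAGGED = r"""
O2 - BHO: (no name) - {D7D864DA-D4E6-4920-8FBA-063A8F30224A} - C:\WINDOWS\System32\mljgh.dll (file missing)
O2 - BHO: (no name) - {F9829D24-24A4-42FE-8D4C-A53CEA080A8F} - C:\WINDOWS\System32\mljgh.dll (file missing)
O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\System32\xvsylfit.dll",realset
O20 - Winlogon Notify: __c0031EF7 - C:\WINDOWS\System32\__c0031EF7.dat
O20 - Winlogon Notify: __c008900 - C:\WINDOWS\System32\__c008900.dat
O20 - Winlogon Notify: __c00904F1 - C:\WINDOWS\System32\__c00904F1.dat
O20 - Winlogon Notify: __c00EDFFC - C:\WINDOWS\System32\__c00EDFFC.dat
""".strip().splitlines()

# Constructed sample of a later scan; "ExampleName" and "example1.dll" are made up.
FRESH = r"""
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ExampleName] rundll32.exe "C:\WINDOWS\System32\example1.dll",realset
O20 - Winlogon Notify: __c00904F1 - C:\WINDOWS\System32\__c00904F1.dat
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
""".strip().splitlines()

ENTRY = re.compile(r"^(O\d+) - (.*)$")
RUNDLL = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?,(\w+)', re.I)
CLSID = re.compile(r"\{[0-9A-F-]{36}\}", re.I)

def key(line):
    """Reduce a HijackThis line to the parts expected to stay stable."""
    m = ENTRY.match(line.strip())
    if not m:
        return None  # header, process list, or other non-entry line
    section, rest = m.groups()
    if section == "O2":  # BHO: identify by CLSID
        c = CLSID.search(rest)
        return (section, c.group(0).upper()) if c else None
    r = RUNDLL.search(rest) if section == "O4" else None
    if r:  # Run key launching a DLL: key on folder + export, not on names
        folder = r.group(1).rsplit("\\", 1)[0].lower()
        return (section, folder, r.group(2).lower())
    if section == "O20":  # Winlogon Notify: identify by file path
        return (section, rest.rsplit(" - ", 1)[-1].lower())
    return (section, rest.lower())

def still_present(flagged, fresh):
    """Return lines of the fresh log that match a flagged entry's key."""
    wanted = {key(l) for l in flagged} - {None}
    return [l.strip() for l in fresh if key(l) in wanted]

if __name__ == "__main__":
    print("\n".join(still_present(FLAGGED, FRESH)) or "no flagged entries remain")
```

An empty result means none of the flagged entries, or a renamed variant of the rundll32 Run entry, appears in the new scan.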